-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] 7.x custom npm install
scripts don't appear to be respected in dependencies
#1651
Comments
You can also see this behavior by running the command $ npm i oh-hi In npm v6.14.7 you see the following output [test]$ npm i oh-hi
> oh-hi@1.0.4 install /private/var/folders/7t/thbq5c7x72q06b5c4c7dj6xc0000gn/T/test/node_modules/oh-hi
> echo oh hi
oh hi
+ oh-hi@1.0.4
updated 1 package and audited 1 package in 0.348s
found 0 vulnerabilities In npm v7.0.0-beta.2 you see that the install script was never run
|
Wasn't this an intentional change, to prevent people from showing ads to their consumers on install? |
@ljharb potentially... TBH I'm just documenting breakages that I'm noticing break expecting + observable behavior. Honestly not allowing for a custom |
There's two bugs here, one real and one imaginary. We should fix them both. The config param was not being set in the env as expected. That's the real bug. Second, the I'm not sure why you're not seeing
When I install oh-hi, it just shows this:
Even with |
@isaacs definitely seeing the install pass. To reproduce install with npm v6 so you have a working package-lock.json and then attempt to install. My gut here is that the Make a folder with the below files and run package.json {
"name": "test",
"version": "1.0.0",
"dependencies": {
"omg-i-pass-with-install-param": "^3.0.0"
}
} package-lock.json {
"name": "test",
"version": "1.0.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
"omg-i-pass-with-install-param": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/omg-i-pass-with-install-param/-/omg-i-pass-with-install-param-3.0.0.tgz",
"integrity": "sha1-DXOJkJQp+dp51HGiN8376v8akXw="
}
}
}
|
From slack:
|
Fixed in latest v7 beta. Thanks! |
Our module not only prints output, it queries the user for configuration during installation, using readline(), and then downloads a third party library configured as requested. With npm v7, the install script isn't running at all, because if the output was just getting suppressed, it would hang the install (I'm guessing, but I see no evidence it tried to run.) This is disastrous. Our module now doesn't install properly. So the behavior has been crippled because some bad actors were showing ads??? Is there a workaround for this so we don't have to tell the user to manually run another step? |
You can try using the foreground-scripts option. |
Current Behavior:
Running
npm install omg-i-pass-with-install-param
with npm v7.x passes.Expected Behavior:
Running
npm install omg-i-pass-with-install-param
should fail, as it does on v6.x, as a custominstall
script is supposed to run that verifies anpm_config_extra_param
ENV VAR has been set.Steps To Reproduce:
The above fails on 6.x and passes on 7.x
if you close the repo and run the install as outlined in #1650 you will see completely different behavior, as the install script is being respected.
Environment:
OS: MacOS 10.15.6
Node: 14.6.0
npm: 7.0.0-beta.2
The text was updated successfully, but these errors were encountered: